1f0e7d8526f67dc4ab7e2e377a94b24da7a33d2a2d387840b1abf05ae488d7f6

Analysis

max time kernel
12s
max time network
136s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
07-09-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d10f07211b6251e54fa4b12c5eb41926_JaffaCakes118.apk
Size

30.2MB
MD5

d10f07211b6251e54fa4b12c5eb41926
SHA1

b660ba885c1677afc2033f9d53c5960129e19704
SHA256

1f0e7d8526f67dc4ab7e2e377a94b24da7a33d2a2d387840b1abf05ae488d7f6
SHA512

37974b2bd34c8df0c036491872695130bf82345484e3da4ff7145e6b39778624ea5013ac15ceb6e32959b7468f76aac8db751c72ed29263348b779dbf0b02d7c
SSDEEP

786432:B/0aqi1/kwmNX/TOWcY5dZ5tW0bNlvrLHIaDoeEYL:BMIaNywdZW0zHZL

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.cyb.app

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.cyb.app/mix.dex	5064	com.cyb.app
/data/data/com.cyb.app/mix.dex	5064	com.cyb.app

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cyb.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cyb.app

com.cyb.app
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5064

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cyb.app/app_bugly/rqd_record.eup

Filesize
344B

MD5
cf36074f75bdb20ba156124a8007d06f

SHA1
cc6ab570f9a54879fd2e0245f1ae19c06b1afaff

SHA256
fdeb06b846c7e2f35358095df0b44f5ce6b0af4fe93e846ffbfd6c855c3eab32

SHA512
6eecf204c79f437c2b28d037e2e299d23598f41e0276134764ae60ae3ced985fee735315f4e94bf3494e9131368be2bccd5e8015cdd1ec4ba51fe2d516cd0db3

Download Submit
/data/data/com.cyb.app/app_bugly/rqd_record.eup

Filesize
1KB

MD5
dba9a012d938ba1f4a1d8484baf06a06

SHA1
1780673e688021e1ae45aabf7b74a77abcffb717

SHA256
19998183bed690bc12e41793fd29618f20386f6873d7fb1f2f6caa584772b9ad

SHA512
b7a4553af871f8a59dc411601ccbeffca6702d26195b500f5b15e2e46b02a32e3c13b5782e5a09c7d1bf95ba76c8002ee4a3834ff77f5a45081c3eb90cb31773

Download Submit
/data/data/com.cyb.app/app_bugly/tomb_1725963655575.txt

Filesize
19KB

MD5
a516bc7628da8f5c05d0d04e1ed8d2e5

SHA1
4a4228968cc732862559dfc51798022ccfa7709e

SHA256
b73957c79997247e798a94e8425fdca5dc00d8491c820f01c5b845cab936aa30

SHA512
4621f5073f76df97153db934bbe86474eec7808bb217630d033b8ff7c662dff5dd74449713ebd804f0cd9639eed9f95be4c58d1ca2df50efc082762744b3bda7

Download Submit
/data/data/com.cyb.app/cache/tomb.zip

Filesize
4KB

MD5
58b5e29d4f469c17045f760ec7a2dfbc

SHA1
e53d7d8845d9661f643fe972b62902374d0ab01e

SHA256
ea895e771e986919ca63d5b362391c785aa7f057b1b8d2d43f91a4e32c5497e7

SHA512
c70136eadfd4401dd0d59dedc35a86dff71f7ceb3242af492dfe3c3b8d692bcceeccd27a3fe1a1ed375f5c356038ec193896406dea6c3e9d207c28a54e5a981f

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu

Filesize
172KB

MD5
da99930fe9ddd489010fc6dfd812f587

SHA1
096bc42ce8e143ad259fb2641292ba7f763618b4

SHA256
4643b0819105e05a8573dc5123086a05b05025ae2450b29039a9625262c39de5

SHA512
3cc645eef7111a71bdd058905f07ffdc28d6a19f589b6c94fdf7203f9e1c827d56f9d9274d30c2df62b68891e18a18fec7cc9db4ace53377da3cc563e359c8f7

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
12KB

MD5
ced4df1bd01a0c7f0a67553024aa69d3

SHA1
94b198b3636e74e3309d5e09304ac9b60d3bab5c

SHA256
961d3cdd4ff21784b52e7228d9f4065d8c95716225c579e1cfd66d2f53a551df

SHA512
c6a7ac19e3fa90dd94636deea2789281efa303ed99fa08db80ed3e8615c3af46fca0fde31423459b7ca7bb89d5e6b549fdc0524c2c21e309e0748140a5d94ec2

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
512B

MD5
8e71ba68795d614cba120f3daf727dbd

SHA1
0491041b02348062b85cc45462620f6488ec9c7b

SHA256
7fac2366e07f5d242a8f23b70fb359c9d03a0c3f19507a7ee317e923b52146f0

SHA512
ea58f480148a2897195927e1fdf42759856407261f499479655c3e3d0fe3d8fcbeff8dbd93008d0c4252c4efffb4d2efef40c7d416d1dbf25cf72dd140c9def1

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
e32099c2a338a264c6b03608792b1b86

SHA1
a529c38e86b974ae0e8321be6b4ba478663e4bcf

SHA256
e48dd7b222fe6ca7059a0ce2dc2dad460d7f0d3313bcc510dc103e71ec86870b

SHA512
bfec73c604fcabb0573e8da6978cdc07fc4d842f3049af77a725f3f383e7b5d146e7637caecd80376538a728a37446d39b2bec8296fbf22da13e8dd8522a72b0

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
db0db83a7bed360e34b2f8f2079320f1

SHA1
0c3de50b9e9665754f1f5772c7e904ba3e9733ee

SHA256
885158e41192c34597dba9636c71dd7ef39fa8f2273ee757a6b3b5cac0e677a0

SHA512
9afe601ba36b3f6795e96e3266a9091207f5abc2477ecb7d8274afc39c5b5265dfc81047c35fec03d63908c4f4ccb1a75d5004b7b91a17fa03aac73d366ab287

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
9fe3c18fd52a19acab32907dccbfc2d8

SHA1
a2c0e720efe404520b8b5fb2b2951315b2a0d73b

SHA256
5226b8733d1fcadcf0da70c326eecea2ebcdb2029117ece50d16e34a9bf5b556

SHA512
a43a4c54ff461eb02df580638a0ae75d8363d14f67100837964a3a19c12bbf48f1712603af751db8bd8bca89b8a686a37e5a7a73452ed872b99b8dd210c3293e

Download Submit
/data/data/com.cyb.app/databases/bugly_db_legu-journal

Filesize
12KB

MD5
b7fed47e795bf57514db37913a41bee5

SHA1
70313c19dfad69a1c42f67ed96d68a6d6db03a80

SHA256
96c4af34091fe9c300e74bb801e86d6f7534c9966cef7081272156def6e8dea5

SHA512
55d860a8e2d7e9082695502089475c6ea8ac7192b9a6c5d62a487c37fe5d8dc7e7dbc504cf93d5d5f3a7772902ce7043d48e993429d1e25c35bfdabee417d49c

Download Submit
/data/data/com.cyb.app/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads